Tuesday, April 17, 2018

U.S. and U.K. Are Blaming Russia for a Global Hacking Campaign and Giving Advice on How to Thwart It

… This is the second time this year that the
U.S. and U.K. have attributed cyberattacks to Russia, following their
unprecedented
attribution in February of last year’s extremely expensive
NotPetya
attack. It is also the first time that British and American
agencies have combined such an announcement with technical
advice on countering the threat, aimed at organizations who might
be affected.

The new announcement, which comes in the context
of tensions
over Syria, relates to attacks on government and private-sector
organizations, as well as critical infrastructure providers. The
Internet service providers serving these organizations were also
targeted, according to a joint
statement by the U.S.’s Federal Bureau of Investigation (FBI)
and Department of Homeland Security, and the National Cyber Security
Centre division of the U.K.’s GCHQ intelligence agency.

The difference between competent security
researchers and Facebook? Two hours vs. nine years!!!

Hours after being alerted by KrebsOnSecurity,
Facebook last week deleted almost 120 private
discussion groups totaling more than 300,000 members who flagrantly
promoted a host of illicit activities on the social media network’s
platform. The scam groups facilitated a broad spectrum of shady
activities, including spamming, wire fraud, account takeovers, phony
tax refunds, 419
scams, denial-of-service
attack-for-hire services and botnet
creation tools. The average age of these groups on Facebook’s
platform was two years.

On Thursday, April 12, KrebsOnSecurity
spent roughly two hours combing Facebook for groups whose
sole purpose appeared to be flouting the company’s terms of service
agreement about what types of content it will or will not tolerate on
its platform.

… Each of these closed groups solicited new
members to engage in a variety of shady activities. Some
had existed on Facebook for up to nine years; approximately
ten percent of them had plied their trade on the social network for
more than four years.

EFF:
“We filed an amicus
brief in a federal appellate case called United States v.
Ackerman Friday, arguing something most of us already thought
was a given—that the Fourth Amendment protects the contents of your
emails from warrantless government searches. Email and other
electronic communications can contain highly personal, intimate
details of our lives. As one
court noted, through emails, “[l]overs exchange sweet nothings,
and businessmen swap ambitious plans, all with the click of a mouse
button.” In an age where almost all of us now communicate via
email, text, or some other messaging service, electronic
communications are, in effect, no different from letters, which the
Supreme Court held were protected by the Fourth Amendment way back in
1878.
Most of us thought this was pretty uncontroversial, especially since
another federal appellate court held as much in a 2010 case called
United
States v. Warshak. However, in
Ackerman,
the district
court added a new wrinkle. It held the Fourth Amendment no
longer applies once an email user violates a provider’s terms of
service and the provider shuts down the user’s account…”

The French government is building its own
encrypted messenger service to ease fears that foreign entities could
spy on private conversations between top officials, the digital
ministry said on Monday.

None of the
world’s major encrypted messaging apps, including Facebook’s
WhatsApp and Telegram – a favorite of President Emmanuel Macron –
are based in France, raising the risk of data breaches at servers
outside the country.

Hard Questions: What Data Does Facebook Collect When I’m Not Using Facebook, and Why?

… When does Facebook get data about
people from other websites and apps?

Many websites and apps use Facebook services to
make their content and ads more engaging and relevant. These
services include:

Social plugins, such as our Like and Share buttons, which make other
sites more social and help you share content on Facebook;

Facebook Login, which lets you use your Facebook account to log into
another website or app;

Facebook Analytics, which helps websites and apps better
understand how people use their services; and

Facebook ads and measurement tools,
which enable websites and apps to show ads from Facebook
advertisers, to run their own ads on Facebook or elsewhere, and to
understand the effectiveness of their ads.

These Ex-Spies Are Harvesting Facebook Photos For A Massive Facial Recognition Database

… over the last five years a secretive
surveillance company founded by a former Israeli intelligence officer
has been quietly building a massive facial recognition database
consisting of faces acquired from the giant social network, YouTube
and countless other websites.

… That database forms the core of a facial
recognition service called Face-Int, now owned by Israeli vendor
Verint after it snapped up the product's creator, little-known
surveillance company Terrogence, in 2017. Both Verint and Terrogence
have long been vendors for the U.S. government, providing
bleeding-edge spy tech
to the NSA, the U.S. Navy and countless other intelligence and
security agencies.

… In September 2014, Apple made
disk encryption the default on iPhone. In theory, that means
that if your phone is locked and protected with a passcode, someone
who gets their hands on it can’t read or extract the data from it
unless they know or can guess the passcode.

… To protect against these kinds of attacks,
Apple has made a few changes in recent years. First of all, iPhones
now require 6 digit passcodes by default (but people who have
restored backups when upgrading to newer iPhones may still have 4
digit PINs). Second, after a certain amount of wrong guesses to
unlock the device, iPhones are programmed to delay new guesses.
Finally, there’s even a setting that you can turn on to wipe all
data from the phone after 10 failed passcode attempts, as Apple’s
iOS security guide explains.

If GrayKey works as advertised, it means Grayshift
has found a way to avoid these delays and just keep guessing
passcodes.

Clients hang up in disbelief when lawyer calls to tell them of $61M verdict over unwanted calls

… Lawyer John Barrett and his colleagues are
having a hard time getting their message across when they call to
deliver the news, the Wall
Street Journal reports. The clients are hanging up before the
lawyers or a paralegal can explain, or they are hanging up in
disbelief after hearing the figures.

Barrett and co-counsel Brian Glaser won a $20.4
million verdict against Dish last year, an amount that was tripled by
the judge. As a result, more than 18,000 people who received the
calls are each eligible to receive $2,400 to $30,000, before payment of
attorney fees and expenses.

The firm began making the calls after fewer than 8
percent of clients who received a letter about the verdict failed to
return the required forms.

“Artificial intelligence may greatly increase
the efficiency of the existing economy. But it may have an even
larger impact by serving as a new general-purpose “method of
invention” that can reshape the nature of the innovation process
and the organization of R&D.

… Since it was financial data from the
company, they have also disclosed the revenue and profit they have
earned through the first quarter of this current year. As per their
official financial report, Netflix has generated $3.7 billion in
revenue for Q1 with a net profit of $290 million.

… Google just announced two new “AIY”
(it’s like DIY, but for artificial intelligence) kits that build
upon the ideas the company set forth with its first-generation kits.
This time around, however, the new kits ship with everything a
student might need to build AI solutions, including a Raspberry Pi
Zero WH board.

“We’re taking the first of many steps to help
educators integrate AIY into STEM lesson plans and help prepare
students for the challenges of the future by launching a new version
of our AIY kits,” Billy Rutledge, Director of AIY Projects at
Google, wrote
in a blog post. “The Voice Kit lets you build a voice
controlled speaker, while the Vision Kit lets you build a camera that
learns to recognize people and objects. The new kits make getting
started a little easier with clearer instructions, a new app and all
the parts in one box.”

He continued, “To make setup easier, both kits
have been redesigned to work with the new Raspberry Pi Zero WH, which
comes included in the box, along with the USB connector cable and
pre-provisioned SD card. Now users no longer need to download the
software image and can get running faster. The updated AIY Vision Kit
v1.1 also includes the Raspberry Pi Camera v2.”

This is a very cool example of a tech company
taking some initiative to help encourage communities to enhance their
STEM programs in schools. Google’s new AIY Voice
Kit and Vision
Kit are already available online at Target.com and in Target
stores across the country, and Google hopes to offer them in other
regions in the coming months. The Voice Kit is available for $49.99,
while the more complex Vision Kit costs $89.99.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.